PT-2025-27464 · Electron · Electron
Published: 2025-06-30 · Updated: 2025-07-16
CVE-2024-46993
CVSS v2.0: 6.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Electron versions prior to 28.3.2
Electron versions prior to 29.3.3
Electron versions prior to 30.0.3
Description:
The issue is related to heap buffer overflows in Electron's API, specifically affecting the nativeImage.createFromPath() and nativeImage.createFromBuffer() functions. An Electron program using these functions can be vulnerable to a buffer overflow if an attacker controls the image's height, width, and contents.
Recommendations:
Update to version 28.3.2 or later to resolve the issue for versions prior to 28.3.2.
Update to version 29.3.3 or later to resolve the issue for versions prior to 29.3.3.
Update to version 30.0.3 or later to resolve the issue for versions prior to 30.0.3.
Exploit
Fix
Heap Based Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Electron